Working from nine to five in an office is
no longer the way that many people make a living. The use of advanced
technology is now a way of life and affords us many more options. Employees
work remotely more often than they used to—from home, on business trips, or
whilst servicing facilities or customers in the field—and now expect to be able
to access the corporate network via mobile devices. In a bid to improve
productivity and achieve cost savings, organisations are also increasingly
opening up their networks to business partners, suppliers and, in some cases,
to customers. As well as this, very little business is conducted today from
just one single isolated geographic location.
The need to provide remote access to
centralised information technology resources can create headaches for those in
charge—especially since much of this traffic can be reliant on insecure
communications channels, and the internet in particular. In today's highly
regulated world, organisations are under considerable pressure to prove that no
one has tampered with their computer networks, or the data that they carry.
This means that remote access is now a fact
of life, but is not always easy to administer or manage. When organisations
first started providing remote access to their employees with internet access
in the mid-1990s, the most common form of connection was via a dial-up service,
with access control mainly addressed by a user name and password combination.
For some organisations, it made sense to develop proprietary solutions using
leased lines to connect different office locations, but this is an expensive
proposition.
Today, virtual private network (VPN)
technologies have emerged as the solution of choice for achieving remote access
needs. And among these, two flavours of VPNs have emerged as the favoured
technologies—secure sockets layer (SSL) and internet protocol security (IPSec)
VPNs. SSL VPNs require just a browser on the client to be set up remotely and
are therefore suitable for connecting large numbers of remote users for casual
or ad hoc access. However, they are generally only useful for accessing
web-enabled applications, unless specific application programming interfaces
(APIs) have been written for enterprise applications such as customer
relationship management systems. This means that they are not a full remote
access solution in most cases.
IPSec VPNs, on the other hand, can be used
to access any applications running on a network and can provide the user with
the same experience as if they were physically located in the office. But IPSec
VPNs have traditionally had large management and administrative overheads
associated with them as they relied on the manual installation of software
agents on each device needing access, which
is costly in terms of the resources and time required to set them up and keep
them running. Although IPSec was the most commonly used type of VPN, especially
for branch-to-branch communications, it was difficult to make such deployments
scale to more than about 100 users.
To address these problems, IPSec VPN
vendors have added many new features to their products, resulting in the
development of a new generation of IPSec VPNs that streamline many of the
management headaches associated with deployments in large complex environments.
Among the features that make them easier to manage are the provision of
centralised management capabilities that provide one single point of
administration for setting up, managing and maintaining deployments. This
allows organisations to manage large, complex deployments with just a handful
of administrative resources, saving greatly on associated costs.
Not only is the new generation of IPSec
VPNs easier and more cost effective to manage than earlier versions of the
technology, but there are also a number of other added features that will make
them attractive for a wide range of organisations in terms of the ability to
improve their security procedures associated with remote access and to help
them achieve regulatory compliance objectives such as data protection. Among the security
features now available in newer technologies is the inclusion of
personal firewalls for each device under management, which not only handle the
security settings, but make sure that users are prevented from tampering with
security controls that have been set. They also enable checks to be made on the
security levels applied to each endpoint under management and can enforce that
the correct security tools are deployed on each machine, according to set policies.
Use of a centralised RADIUS (Remote Authentication Dial-In User Service) server that ties
remote access authentication to backend databases such as LDAP and that logs
all access attempts for reporting purposes helps greatly in ensuring that users
can access only those applications to which they have been assigned rights.
But security is only as good as its weakest
link, so an IPSec VPN deployment needs to provide coverage for all systems and
devices used by organisations today, including databases, enterprise
directories and devices that allow mobile networking—as well as extending
coverage to new forms of technology as they emerge. For example, since
operating systems are used for accessing the applications that users need, the
ideal IPSec VPN will provide broad support for such systems, including Linux
and Microsoft Vista, both 32- and 64-bit versions, as well as for operating
systems used by mobile devices, such as Symbian and Windows Mobile.
One further piece of the puzzle is that, in
order to ensure that corporate data is protected and that all actions can be
tied to individual perpetrators, full logging and reporting capabilities are
required for use in security audits. With next-generation IPSec VPNs, all
events are automatically logged and the reports are communicated to the central
administration point for use by management.
With these new capabilities, IPSec VPNs
have finally come of age. Until recently, VPN solutions on the market were
unwieldy and difficult to manage in the case of IPSec, or provided only limited
levels of access in the case of SSL. Now, this new generation of IPSec VPNs can
provide highly secure remote access in a wide range of scenarios at a much
lower overall cost in terms of administration, management and maintenance than first-generation
products. The headaches associated with managing large-scale IPSec VPN
deployments are now a thing of the past.
Quocirca's
report The essential elements of secure remote access is free for download here.